[Samba] rc3: Server packet had invalid SMB signature!
Riegel, Bernhard
bernhard.riegel at sdm.com
Tue Sep 9 12:16:26 GMT 2003
(refers to posting "Samba 3.0 + ADS, winbind problem" from August, 28th)
Setup:
client: SuSE8.2 professional (kernel 2.4.20-4GB) with openldap2 2.1.12
and heimdal kerberos 0.4e from the SuSE CDs and Samba 3.0.0RC3 compiled
from source with flags "--with-ads --with-pam --with-acl-support".
server: Windows 2003 Server as Active Directory Controller (configured
as pure Win2000/Win2003-AD, Administrator password changed (several
times).
With RC3 I now reran my tests towards an integration of the samba3.0 as
a member server into the Win2k3-AD.
The join into the domain works, but smbclient yields:
[2003/09/09 13:39:32, 0] libsmb/clientgen.c:cli_receive_smb(121)
SMB Signature verification failed on incoming packet!
session setup failed: Server packet had invalid SMB signature!
here the steps I performed
adslinux:/etc # /etc/init.d/nmb3 start && /etc/init.d/smb3 start &&
/etc/init.d/winbind3 start
Starting Samba3 NMB daemon done
Starting Samba 3 SMB daemon done
Starting Samba 3 WINBIND daemon done
adslinux:/etc # kdestroy
adslinux:/etc # kinit Administrator at ZRHTEST.SDM.DE
Administrator at ZRHTEST.SDM.DE's Password:
adslinux:/etc # net ads join
Using short domain name -- ZRHTEST
Joined 'ADSLINUX' to realm 'ZRHTEST.SDM.DE'
adslinux:/etc # klist -v
Credentials cache: FILE:/tmp/krb5cc_0
Principal: Administrator at ZRHTEST.SDM.DE
Cache version: 4
Server: krbtgt/ZRHTEST.SDM.DE at ZRHTEST.SDM.DE
Ticket etype: arcfour-hmac-md5, kvno 2
Session key: des
Auth time: Sep 9 13:40:09 2003
End time: Sep 9 23:38:55 2003
Ticket flags: initial, pre-authenticated
Addresses: IPv4:192.168.30.1
Server: adswintest$@ZRHTEST.SDM.DE
Ticket etype: arcfour-hmac-md5, kvno 3
Session key: des-cbc-md5
Auth time: Sep 9 13:40:09 2003
Start time: Sep 9 13:40:15 2003
End time: Sep 9 23:38:55 2003
Ticket flags: pre-authenticated, ok-as-delegate
Addresses: IPv4:192.168.30.1
Server: kadmin/changepw at ZRHTEST.SDM.DE
Ticket etype: arcfour-hmac-md5, kvno 2
Session key: des
Auth time: Sep 9 13:40:09 2003
Start time: Sep 9 13:40:16 2003
End time: Sep 9 13:42:16 2003
Ticket flags: pre-authenticated
Addresses: IPv4:192.168.30.1
adslinux:/etc # smbclient -L //adswintest -k
[2003/09/09 13:39:32, 0] libsmb/clientgen.c:cli_receive_smb(121)
SMB Signature verification failed on incoming packet!
session setup failed: Server packet had invalid SMB signature!
adslinux:/etc # smbclient --version
Version 3.0.0rc3
here the [global] section of my smb.conf:
workgroup = ZRHTEST
realm = ZRHTEST.SDM.DE
security = ADS
encrypt passwords = yes
idmap uid = 10000-65000
idmap gid = 10000-65000
winbind enum users = yes
winbind enum groups = yes
passdb backend = tdbsam
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
wins server = 192.168.30.32
dns proxy = no
here my krb5.conf:
[libdefaults]
ticket_lifetime = 24000
default_realm = ZRHTEST.SDM.DE
dns_lookup_realm = false
dns_lookup_kdc = false
default_etypes = des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-md5
# heimdal specific settings:
v4_instance_resolve = false
# Set this to false to disable MIT krb5 compatibility
# in GSSAPI get_mic/verify_mic, and become compatible
# with older Heimdal releases instead.
gss_mit_compat = true
[realms]
ZRHTEST.SDM.DE = {
kdc = adswintest.zrhtest.sdm.de:88
admin_server = adswintest.zrhtest.sdm.de:749
default_domain = zrhtest.sdm.de
}
[domain_realm]
.zrhtest.sdm.de = ZRHTEST.SDM.DE
zrhtest.sdm.de = ZRHTEST.SDM.DE
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
--
Bernhard Riegel bernhard.riegel at sdm.de
More information about the samba
mailing list